Microsoft has admitted that it accidentally exposed sensitive customer data after failing to configure a server securely. Cybersecurity firm SOCRadar informed Microsoft about the embarrassing leak in September, which researchers claimed involved files dated from 2017 to August 2022. In addition, Microsoft warned that the exposed data may include "attached files relating to business between a customer and Microsoft or an authorized Microsoft partner." READ MORE...
Australian health insurer Medibank has started informing customers that their personal information was potentially compromised during a recent cyberattack. The incident was initially identified on October 12 and was deemed as being "consistent with the precursors to a ransomware event", resulting in certain systems being taken offline for containment purposes. Medibank said its systems were not encrypted by ransomware during the incident. READ MORE...
New York regulators continue turning the screws on organizations with slapdash computer security. This week, $4.5 million was extracted from vision insurance company EyeMed, which was accused of recklessly leaving hundreds of thousands of people's sensitive health information within reach of intruders. In addition to coughing up the cash to settle claims it violated New York State's Department of Financial Services' cyber security rules, EyeMed also agreed to improve its network defenses. READ MORE...
A new version of the 'FurBall' Android spyware has been found targeting Iranian citizens in mobile surveillance campaigns conducted by the Domestic Kitten hacking group, also known as APT-C-50. The spyware is deployed in a mass-surveillance operation that has been underway since at least 2016. In addition, multiple cybersecurity firms have reported on Domestic Kitten, which they believe is an Iranian state-sponsored hacking group. READ MORE...
Dutch police and other law enforcement agencies have managed to trick the DeadBolt ransomware operators into releasing 150 decryption keys for free. The method of obtaining decryption keys was found by a Dutch incident response company called Responders.NU, who shared the method with the police. The basis for the trick iss that it was possible to cancel an unconfirmed Bitcoin transaction before payment went through through, but after the decryption key was released. READ MORE...
A major internet subsea fiber cable in the South of France was severed yesterday at 20:30 UTC, causing connectivity problems in Europe, Asia, and the United States, including data packet losses and increased website response latency. Cloud security company Zscaler reports that they made routing adjustments to mitigate the impact. However, users still face problems due to app and content providers routing traffic through the impacted paths. READ MORE...
This week, the US government's Cybersecurity and Infrastructure Security Agency (CISA) expanded its ever-growing list of vulnerability in industrial control systems (ICS) and critical infrastructure technology. The latest warnings flag up severe flaws in products from Advantech and Hitachi Energy, which serve both consumer and commercial markets. The twin advisories include alerts about security holes in Advantech's R-SeeNet that can be exploited by remote attackers. READ MORE...
The US Postal Service just issued a commemorative stamp to remember the service of some 11,000 women cryptologists during World War 2. Like their Bletchley Park counterparts in the UK, these wartime heros didn't finish the war with any sort of hero's welcome back into civilian life. Indeed, they got no public recognition at all for the amazing physical and intellectual effort they put into decrypting and decoding enemy intelligence. READ MORE...